Giuzzilla edited a comment on issue #2731: Give users the rights to change their password URL: https://github.com/apache/incubator-superset/issues/2731#issuecomment-526084006 It's possible to make them see their own profile + see the password change button + allowing them to change their own password without allowing `can edit on UserDBModelView` nor `* ResetPasswordView,` by enabling only these permissions: ``` can this form post on ResetMyPasswordView, can this form get on ResetMyPasswordView, can userinfo on UserDBModelView, resetmypassword on UserDBModelView ``` Is there anything that I'm missing or a potential security issue with these enabled?
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services --------------------------------------------------------------------- To unsubscribe, e-mail: notifications-unsubscr...@superset.apache.org For additional commands, e-mail: notifications-h...@superset.apache.org